-
RAPTEE: Leveraging trusted execution environments for Byzantine-tolerant peer sampling services
Authors:
Matthieu Pigaglio,
Joachim Bruneau-Queyreix,
David Bromberg,
Davide Frey,
Etienne Rivière,
Laurent Réveillère
Abstract:
Peer sampling is a first-class abstraction used in distributed systems for overlay management and information dissemination. The goal of peer sampling is to continuously build and refresh a partial and local view of the full membership of a dynamic, large-scale distributed system. Malicious nodes under the control of an adversary may aim at being over-represented in the views of correct nodes, inc…
▽ More
Peer sampling is a first-class abstraction used in distributed systems for overlay management and information dissemination. The goal of peer sampling is to continuously build and refresh a partial and local view of the full membership of a dynamic, large-scale distributed system. Malicious nodes under the control of an adversary may aim at being over-represented in the views of correct nodes, increasing their impact on the proper operation of protocols built over peer sampling. State-of-the-art Byzantine resilient peer sampling protocols reduce this bias as long as Byzantines are not overly present. This paper studies the benefits brought to the resilience of peer sampling services when considering that a small portion of trusted nodes can run code whose authenticity and integrity can be assessed within a trusted execution environment, and specifically Intel's software guard extensions technology (SGX). We present RAPTEE, a protocol that builds and leverages trusted gossip-based communications to hamper an adversary's ability to increase its system-wide representation in the views of all nodes. We apply RAPTEE to BRAHMS, the most resilient peer sampling protocol to date. Experiments with 10,000 nodes show that with only 1% of SGX-capable devices, RAPTEE can reduce the proportion of Byzantine IDs in the view of honest nodes by up to 17% when the system contains 10% of Byzantine nodes. In addition, the security guarantees of RAPTEE hold even in the presence of a powerful attacker attempting to identify trusted nodes and injecting view-poisoned trusted nodes.
△ Less
Submitted 8 March, 2022;
originally announced March 2022.
-
Network Services Anomalies in NFV: Survey, Taxonomy, and Verification Methods
Authors:
Moubarak Zoure,
Toufik Ahmed,
Laurent Réveillère
Abstract:
Network Function Virtualization (NFV) has emerged as a disruptive networking architecture whose galloping evolution is prompting enterprises to outsource network functions to the cloud and ultimately harvest the fruits of cloud computing, including elasticity, pay-as-you-go billing model, and on-demand services provisioning. However, many reluctant enterprises oppose the benefits of this outsourci…
▽ More
Network Function Virtualization (NFV) has emerged as a disruptive networking architecture whose galloping evolution is prompting enterprises to outsource network functions to the cloud and ultimately harvest the fruits of cloud computing, including elasticity, pay-as-you-go billing model, and on-demand services provisioning. However, many reluctant enterprises oppose the benefits of this outsourcing to their critical and pressing concerns about security, trust, and compliance. The latter anticipate possible security and QoS policy violations stemming from dishonest behaviors by cloud providers, attacks by co-resident competitors, misconfiguration by cloud administrators, or implementations flaws by NFV developers. As a result, migrating sensitive workloads to the cloud requires enterprises to first assess risks by gaining knowledge of possible network services' anomalies and second, to build trust in the cloud by designing effective mechanisms to detect such anomalies. This survey provides scrutiny of network services anomalies that may occur in the NFV environments. We first present a taxonomy of network service anomalies and analyze their negative impacts on critical service attributes, including security and performance. Second, we compare and classify the existing anomalies' verification mechanisms from the literature. Finally, we point out the literature gap and identify future research directions for anomalies verification in NFV.
△ Less
Submitted 4 March, 2022;
originally announced March 2022.
-
ALDER: Unlocking blockchain performance by multiplexing consensus protocols
Authors:
Kadir Korkmaz,
Joachim Bruneau-Queyreix,
Sonia Ben Mokthar,
Laurent Réveillère
Abstract:
Most of today's online services (e.g., social networks, search engines, market places) are centralized, which is recognized as unsatisfactory by a majority of users for various reasons (e.g., centralized governance, censorship, loss of control over personal data). Blockchain technologies promise a new Web revolution (Web 3.0) through the decentralization of online services. However, one of the key…
▽ More
Most of today's online services (e.g., social networks, search engines, market places) are centralized, which is recognized as unsatisfactory by a majority of users for various reasons (e.g., centralized governance, censorship, loss of control over personal data). Blockchain technologies promise a new Web revolution (Web 3.0) through the decentralization of online services. However, one of the key limitations for this revolution to happen at a planetary scale is the poor performance of today's blockchains. We propose in this paper ALDER, a solution for unlocking the performance of off-the-shelf leader-based blockchains by multiplexing their consensus protocol. Our solution leverages the existence of multiple potential leaders to alleviate the bottleneck that exists at different levels of consensus protocols. To illustrate the benefits it brings to Blockchain performance, we apply ALDER to three representative blockchains, namely Algorand (Proof-of-Stake), RapidChain (Sharding-based) and Bitcoin (Proof-of-Work). Our evaluation, involving up to 10,000 nodes deployed on 100 physical machines, shows that using ALDER can provide up to a 300% improvement in both throughput and latency reduction.
△ Less
Submitted 7 February, 2022;
originally announced February 2022.
-
Dandelion: multiplexing Byzantine agreements to unlock blockchain performance
Authors:
Kadir Korkmaz,
Joachim Bruneau-Queyreix,
Sonia Ben Mokthar,
Laurent Réveillère
Abstract:
Permissionless blockchain protocols are known to consume an outrageous amount of computing power and suffer from a trade-off between latency and confidence in transaction confirmation. The recently proposed Algorand blockchain protocol employs Byzantine agreements and has shown transaction confirmation latency on the order of seconds. Its strong resilience to Denial-of-Service and Sybil attacks an…
▽ More
Permissionless blockchain protocols are known to consume an outrageous amount of computing power and suffer from a trade-off between latency and confidence in transaction confirmation. The recently proposed Algorand blockchain protocol employs Byzantine agreements and has shown transaction confirmation latency on the order of seconds. Its strong resilience to Denial-of-Service and Sybil attacks and its low computing power footprint make it a strong candidate for the venue of decentralized economies and business ecosystems across industries. Nevertheless, Algorand's throughput is still far from the requirements of such applications. In this paper, we empower Algorand's protocol by multiplexing its byzantine agreements in order to improve performance. Experiments on wide area networks with up to ten thousand nodes show a 4-fold throughput increase compared to the original Algorand protocol.
△ Less
Submitted 30 April, 2021;
originally announced April 2021.
-
Intel Page Modification Logging, a hardware virtualization feature: study and improvement for virtual machine working set estimation
Authors:
Stella Bitchebe,
Djob Mvondo,
Alain Tchana,
Laurent Réveillère,
Noël De Palma
Abstract:
Intel Page Modification Logging (PML) is a novel hardware feature for tracking virtual machine (VM) accessed memory pages. This task is essential in today's data centers since it allows, among others, checkpointing, live migration and working set size (WSS) estimation. Relying on the Xen hypervisor, this paper studies PML from three angles: power consumption, efficiency, and performance impact on…
▽ More
Intel Page Modification Logging (PML) is a novel hardware feature for tracking virtual machine (VM) accessed memory pages. This task is essential in today's data centers since it allows, among others, checkpointing, live migration and working set size (WSS) estimation. Relying on the Xen hypervisor, this paper studies PML from three angles: power consumption, efficiency, and performance impact on user applications. Our findings are as follows. First, PML does not incur any power consumption overhead. Second, PML reduces by up to 10.18% both VM live migration and checkpointing time. Third, PML slightly reduces by up to 0.95% the performance degradation on applications incurred by live migration and checkpointing. Fourth, PML however does not allow accurate WSS estimation because read accesses are not tracked and hot pages cannot be identified. A naive extension of PML for addressing these limitations could lead to severe performance degradation (up to 34.8%) for the VM whose WSS is computed.
This paper presents Page Reference Logging (PRL), a smart extension of PML for allowing both read and write accesses to be tracked. It does this without impacting user VMs. The paper also presents a WSS estimation system which leverages PRL and shows how this algorithm can be integrated into a data center which implements memory overcommitment. We implement PRL and the WSS estimation system under Gem5, a very popular hardware simulator. The evaluation results validate the accuracy of PRL in the estimation of WSS. They also show that PRL incurs no performance degradation for user VMs.
△ Less
Submitted 26 January, 2020;
originally announced January 2020.
-
Anonymous and confidential file sharing over untrusted clouds
Authors:
Stefan Contiu,
Sébastien Vaucher,
Rafael Pires,
Marcelo Pasin,
Pascal Felber,
Laurent Réveillère
Abstract:
Using public cloud services for storing and sharing confidential data requires end users to cryptographically protect both the data and the access to the data. In some cases, the identity of end users needs to remain confidential against the cloud provider and fellow users accessing the data. As such, the underlying cryptographic access control mechanism needs to ensure the anonymity of both data…
▽ More
Using public cloud services for storing and sharing confidential data requires end users to cryptographically protect both the data and the access to the data. In some cases, the identity of end users needs to remain confidential against the cloud provider and fellow users accessing the data. As such, the underlying cryptographic access control mechanism needs to ensure the anonymity of both data producers and consumers. We introduce A-SKY, a cryptographic access control extension capable of providing confidentiality and anonymity guarantees, all while efficiently scaling to large organizations. A-SKY leverages trusted execution environments (TEEs) to address the impracticality of anonymous broadcast encryption (ANOBE) schemes, achieving faster execution times and shorter ciphertexts. The innovative design of A-SKY limits the usage of the TEE to the narrow set of data producing operations, and thus optimizes the dominant data consumption actions by not requiring a TEE. Furthermore, we propose a scalable implementation for A-SKY leveraging micro-services that preserves strong security guarantees while being able to efficiently manage realistic large user bases. Results highlight that the A-SKY cryptographic scheme is 3 orders of magnitude better than state of the art ANOBE, and an end-to-end system encapsulating A-SKY can elastically scale to support groups of 10 000 users while maintaining processing costs below 1 second.
△ Less
Submitted 6 April, 2020; v1 submitted 15 July, 2019;
originally announced July 2019.
-
IBBE-SGX: Cryptographic Group Access Control using Trusted Execution Environments
Authors:
Stefan Contiu,
Rafael Pires,
Sébastien Vaucher,
Marcelo Pasin,
Pascal Felber,
Laurent Réveillère
Abstract:
While many cloud storage systems allow users to protect their data by making use of encryption, only few support collaborative editing on that data. A major challenge for enabling such collaboration is the need to enforce cryptographic access control policies in a secure and efficient manner. In this paper, we introduce IBBE-SGX, a new cryptographic access control extension that is efficient both…
▽ More
While many cloud storage systems allow users to protect their data by making use of encryption, only few support collaborative editing on that data. A major challenge for enabling such collaboration is the need to enforce cryptographic access control policies in a secure and efficient manner. In this paper, we introduce IBBE-SGX, a new cryptographic access control extension that is efficient both in terms of computation and storage even when processing large and dynamic workloads of membership operations, while at the same time offering zero knowledge guarantees. IBBE-SGX builds upon Identity-Based Broadcasting Encryption (IBBE). We address IBBE's impracticality for cloud deployments by exploiting Intel Software Guard Extensions (SGX) to derive cuts in the computational complexity. Moreover, we propose a group partitioning mechanism such that the computational cost of membership update is bound to a fixed constant partition size rather than the size of the whole group. We have implemented and evaluated our new access control extension. Results highlight that IBBE-SGX performs membership changes 1.2 orders of magnitude faster than the traditional approach of Hybrid Encryption (HE), producing group metadata that are 6 orders of magnitude smaller than HE, while at the same time offering zero knowledge guarantees.
△ Less
Submitted 27 July, 2018; v1 submitted 3 May, 2018;
originally announced May 2018.
-
A Language-Based Approach for Improving the Robustness of Network Application Protocol Implementations
Authors:
Burgy Laurent,
Laurent Réveillère,
Julia Lawall,
Gilles Muller
Abstract:
The secure and robust functioning of a network relies on the defect-free implementation of network applications. As network protocols have become increasingly complex, however, hand-writing network message processing code has become increasingly error-prone. In this paper, we present a domain-specific language, Zebu, for describing protocol message formats and related processing constraints. Fro…
▽ More
The secure and robust functioning of a network relies on the defect-free implementation of network applications. As network protocols have become increasingly complex, however, hand-writing network message processing code has become increasingly error-prone. In this paper, we present a domain-specific language, Zebu, for describing protocol message formats and related processing constraints. From a Zebu specification, a compiler automatically generates stubs to be used by an application to parse network messages. Zebu is easy to use, as it builds on notations used in RFCs to describe protocol grammars. Zebu is also efficient, as the memory usage is tailored to application needs and message fragments can be specified to be processed on demand. Finally, Zebu-based applications are robust, as the Zebu compiler automatically checks specification consistency and generates parsing stubs that include validation of the message structure. Using a mutation analysis in the context of SIP and RTSP, we show that Zebu significantly improves application robustness.
△ Less
Submitted 11 April, 2007;
originally announced April 2007.
